Stream: CARIN IG for Blue Button®
Topic: Patient Access P2P Consent
Mark Neumuth (Dec 02 2021 at 18:40):
We are currently planning for CMS 9123 rule and have some questions regarding members opting-in to Payer-to-Payer during enrollment. From the prior ruling that was pulled back: impacted payers must create a process to allow members to opt-in to permit the payer to use the Payer-to-Payer API for bulk access with other payers at enrollment and quarterly with concurrent payers as described below.
1) If a member does not provide consent at enrollment how are payers handling this? Are procedures being put in place for post-enrollment capture?
2) Are any payers leveraging pre-enrollment systems to handle consent? It seems this ruling would change some of our enrollment forms if we end up touching the pre-enrollment process which would be a large effort.
3) Once a member grants consent at enrollment how long is it valid? Will other payers proactively ask members if they have concurrent plans? How often?
4) If a member revokes consent are payers removing the "other payer" data or just stopping the transition of data going forward?
@Ryan Howells
Ryan Howells (Dec 02 2021 at 19:13):
@Mark Neumuth These are great questions! Let me copy a few folks on this email to hopefully get them to chime in here @Cille Kissel Watkins @Mark Roberts @Amol Vyas @Lloyd McKenzie @Caitlyn Campi @Vijey Kris Sridharan @Barbara Valeno
Lloyd McKenzie (Dec 02 2021 at 20:39):
Payer-to-payer is covered under the DaVinci PDex specification, so you might be best asking your questions on #Da Vinci PDex. You're also free to join the Friday calls. (Instructions are here: https://confluence.hl7.org/pages/viewpage.action?pageId=40738760.) We're actually under active discussion about how best to manage consent expectations - both for coverage transition and for parallel coverage.
Brendan Keeler (Dec 04 2021 at 15:47):
Is consent really needed for transfer between two covered entities? HIPAA suggests no and that consent would be opt out
John Moehrke (Dec 04 2021 at 15:48):
at the federal level, correct... but states may have more restrictive consent requirements.. and businesses can always offer more consent to the patient than minimally required by HIPAA
Cille Kissel Watkins (Dec 06 2021 at 14:39):
@Mark Neumuth I think a lot of this depends on how you are planning to implement against the Payer to Payer requirement. If you are using the Patient Access API technology, the opt in and data exchange happens real time regardless of pre/during/post enrollment. You can integrate this feature into many different areas of your technology. Humana does currently allow prospective members to share their Blue Button 2.0 data with Humana to inform their shopping experience. For this flow, the member is able to stop sharing by logging into their previous insurer's portal and stop sharing of data moving forward. This typically translates into deactivation of access and refresh tokens previously assigned to us as the client. The individual is also able to email our support team and ask for us to delete their historical data received from the third party entity, and we will respond within a few business days.
If you're using PDex / HRex, then I would expect that there would be an opt-in form developed that could be slotted in just after the person enrolls in the new plan. The form is not necessarily required by HIPAA, but logistically necessary to ensure you can capture the member ID and other necessary details to make the call to the prior insurer for the person's data. The form should indicate how long the consent is valid for; just my personal opinion, but I would recommend 6 months to make sure that enrollment does occur and that you catch any new data that might come through at the tail end of their old coverage. In theory, you could prompt the new member to go back and fill out the same consent form many times after the initial enrollment if they declined to do it the first time. It might help encourage them to do it by educating them on what the benefit to them will be. I'm not sure if insurers are planning on using refresh tokens for this flow, but we would still be able to honor requests to delete historical data upon request to our email support team.
Last updated: Apr 12 2022 at 19:14 UTC
